What are the repercussions if admin or client with admin like privileges provides another third-party unauthorized access to the client instance?

We have full restoration capabilities and have the ability to see all activity and change logs. The ability to reverse engineer is there theoretically.